<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>文件上传漏洞代码 | Dxm&#39;blog</title>
  <meta name="keywords" content=" 文件上传 ">
  <meta name="description" content="文件上传漏洞代码 | Dxm&#39;blog">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="description" content="Web安全之文件上传漏洞1、编写一个上传图片的功能页面 2、针对上传的文件进行验证（后缀验证、文件头验证、文件名验证等） 3、文件上传通常会与文件解析漏洞相结合，可以收集整理存在解析漏洞的组件和相关版本，无法部署相关环境，可以学习相关技术，不用实际操作 扩展学习：学习如何绕过黑名单验证、文件头验证，如何杜绝上传图片的功能无法利用获取 shell ？ 0x01 MIME类型检测 前端界面  &lt;">
<meta property="og:type" content="article">
<meta property="og:title" content="文件上传漏洞代码">
<meta property="og:url" content="http://daoxiaom.gitee.io/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/index.html">
<meta property="og:site_name" content="Dxm&#39;blog">
<meta property="og:description" content="Web安全之文件上传漏洞1、编写一个上传图片的功能页面 2、针对上传的文件进行验证（后缀验证、文件头验证、文件名验证等） 3、文件上传通常会与文件解析漏洞相结合，可以收集整理存在解析漏洞的组件和相关版本，无法部署相关环境，可以学习相关技术，不用实际操作 扩展学习：学习如何绕过黑名单验证、文件头验证，如何杜绝上传图片的功能无法利用获取 shell ？ 0x01 MIME类型检测 前端界面  &lt;">
<meta property="og:locale" content="en_US">
<meta property="og:image" content="http://daoxiaom.gitee.io/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/image-20200103170055068.png">
<meta property="article:published_time" content="2020-03-06T17:06:03.000Z">
<meta property="article:modified_time" content="2020-03-06T17:25:59.326Z">
<meta property="article:author" content="dxm">
<meta property="article:tag" content="文件上传">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://daoxiaom.gitee.io/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/image-20200103170055068.png">


<link rel="icon" href="/img/avatar.jpg">

<link href="/css/style.css?v=1.0.1" rel="stylesheet">

<link href="/css/hl_theme/atom-light.css?v=1.0.1" rel="stylesheet">

<link href="//cdn.bootcss.com/animate.css/3.5.2/animate.min.css" rel="stylesheet">
<link href="//cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">

<script src="//cdn.bootcss.com/jquery/2.2.4/jquery.min.js"></script>
<script src="/js/jquery.autocomplete.min.js?v=1.0.1" ></script>

<script src="//cdn.bootcss.com/highlight.js/9.12.0/highlight.min.js"></script>
<script>
    hljs.initHighlightingOnLoad();
</script>

<script src="//cdn.bootcss.com/nprogress/0.2.0/nprogress.min.js"></script>



<script src="//cdn.bootcss.com/jquery-cookie/1.4.1/jquery.cookie.min.js" ></script>

<script src="/js/iconfont.js?v=1.0.1" ></script>

<meta name="generator" content="Hexo 4.2.0"></head>
<div style="display: none">
  <input class="theme_disqus_on" value="false">
  <input class="theme_preload_comment" value="false">
  <input class="theme_blog_path" value="">
</div>

<body>
<aside class="nav">
    <div class="nav-left">
        <a href="/" class="avatar_target">
    <img class="avatar" src="/img/avatar.jpg" />
</a>
<div class="author">
    <span>dxm</span>
</div>

<div class="icon">
    
        
        <a title="github" href="https://yshdxm.github" target="_blank">
            
                <svg class="iconfont-svg" aria-hidden="true">
                    <use xlink:href="#icon-github"></use>
                </svg>
            
        </a>
        
    
        
        <a title="email" href="mailto:sxwnysh@163.com" target="_blank">
            
                <svg class="iconfont-svg" aria-hidden="true">
                    <use xlink:href="#icon-email"></use>
                </svg>
            
        </a>
        
    
        
        <a title="qq" href="http://wpa.qq.com/msgrd?v=3&uin=623473035&site=qq&menu=yes" target="_blank">
            
                <svg class="iconfont-svg" aria-hidden="true">
                    <use xlink:href="#icon-qq"></use>
                </svg>
            
        </a>
        
    
</div>




<ul>
    <li><div class="all active">全部文章<small>(3)</small></div></li>
    
        
            
            <li><div data-rel="Web安全">Web安全<small>(2)</small></div>
                
            </li>
            
        
    
</ul>
<div class="left-bottom">
    <div class="menus">
    
    
    
    
    </div>
    <div><a  class="friends">友链</a></div>
</div>
<input type="hidden" id="yelog_site_posts_number" value="3">

<div style="display: none">
    <span id="busuanzi_value_site_uv"></span>
    <span id="busuanzi_value_site_pv"></span>
</div>

    </div>
    <div class="nav-right">
        <div class="friends-area">
    <div class="friends-title">
        友情链接
        <i class="back-title-list"></i>
    </div>
    <div class="friends-content">
        <ul>
            
            <li><a target="_blank" href="http://yelog.org/">叶落阁</a></li>
            
        </ul>
    </div>
</div>
        <div class="title-list">
    <form onkeydown="if(event.keyCode === 13){return false;}">
        <input id="local-search-input" class="search" type="text" placeholder="Search..." />
        <i class="cross"></i>
        <span>
            <label for="tagswitch">Tags:</label>
            <input id="tagswitch" type="checkbox" style="display: none" />
            <i id="tagsWitchIcon"></i>
        </span>
    </form>
    <div class="tags-list">
    
    <li class="article-tag-list-item">
        <a class="color1">web安全</a>
    </li>
    
    <li class="article-tag-list-item">
        <a class="color5">文件上传</a>
    </li>
    
    <div class="clearfix"></div>
</div>

    
    <nav id="title-list-nav">
        
        <a  class=""
           href="/2020/03/04/hello-world/"
           data-tag=""
           data-author="" >
            <span class="post-title" title="Hello World">Hello World</span>
            <span class="post-date" title="2020-03-04 14:09:03">2020/03/04</span>
        </a>
        
        <a  class="Web安全 "
           href="/2020/03/04/web%E5%AE%89%E5%85%A8%E4%B9%8B%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/"
           data-tag="web安全"
           data-author="" >
            <span class="post-title" title="web安全之文件包含漏洞">web安全之文件包含漏洞</span>
            <span class="post-date" title="2020-03-04 15:35:11">2020/03/04</span>
        </a>
        
        <a  class="Web安全 "
           href="/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/"
           data-tag="文件上传"
           data-author="" >
            <span class="post-title" title="文件上传漏洞代码">文件上传漏洞代码</span>
            <span class="post-date" title="2020-03-07 01:06:03">2020/03/07</span>
        </a>
        
    </nav>
</div>
    </div>
    <div class="hide-list">
        <div class="semicircle">
            <div class="brackets first"><</div>
            <div class="brackets">&gt;</div>
        </div>
    </div>
</aside>
<div class="post">
    <div class="pjax">
        <article id="post-文件上传漏洞代码" class="article article-type-post" itemscope itemprop="blogPost">
    
        <h1 class="article-title">文件上传漏洞代码</h1>
    
    <div class="article-meta">
        
        
        
        <span class="book">
            
                <a  data-rel="Web安全">Web安全</a>
            
        </span>
        
        
        <span class="tag">
            
            <a class="color5">文件上传</a>
            
        </span>
        
    </div>
    <div class="article-meta">
        
        创建时间:<time class="date" title='更新时间: 2020-03-07 01:25:59'>2020-03-07 01:06</time>
        
    </div>
    <div class="article-meta">
        
        
        <span id="busuanzi_container_page_pv">
            阅读:<span id="busuanzi_value_page_pv">
                <span class="count-comment">
                    <span class="spinner">
                      <div class="cube1"></div>
                      <div class="cube2"></div>
                    </span>
                </span>
            </span>
        </span>
        
        
    </div>
    
    <div class="toc-ref">
    
        <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#Web安全之文件上传漏洞"><span class="toc-text">Web安全之文件上传漏洞</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#0x01-MIME类型检测"><span class="toc-text">0x01 MIME类型检测</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#前端界面"><span class="toc-text">前端界面</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#绕过方式"><span class="toc-text">绕过方式</span></a></li></ol></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#0x02-后缀名检测"><span class="toc-text">0x02 后缀名检测</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#后端代码"><span class="toc-text">后端代码</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#绕过方式-1"><span class="toc-text">绕过方式</span></a></li></ol></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#0x03-文件头检测"><span class="toc-text">0x03 文件头检测</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#绕过方式-2"><span class="toc-text">绕过方式</span></a></li></ol></li><li class="toc-item toc-level-4"><a class="toc-link" href="#方法一："><span class="toc-text">方法一：</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#方法二："><span class="toc-text">方法二：</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#方法三："><span class="toc-text">方法三：</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#0x04-白名单验证"><span class="toc-text">0x04 白名单验证</span></a></li></ol></li></ol>
    
<style>
    .left-col .switch-btn,
    .left-col .switch-area {
        display: none;
    }
    .toc-level-3 i,
    .toc-level-3 ol {
        display: none !important;
    }
</style>
</div>
    
    <div class="article-entry" itemprop="articleBody">
      
        <h2 id="Web安全之文件上传漏洞"><a href="#Web安全之文件上传漏洞" class="headerlink" title="Web安全之文件上传漏洞"></a>Web安全之文件上传漏洞</h2><p>1、编写一个上传图片的功能页面</p>
<p>2、针对上传的文件进行验证（后缀验证、文件头验证、文件名验证等）</p>
<p>3、文件上传通常会与文件解析漏洞相结合，可以收集整理存在解析漏洞的组件和相关版本，无法部署相关环境，可以学习相关技术，不用实际操作</p>
<p><code>扩展学习</code>：学习如何绕过黑名单验证、文件头验证，如何杜绝上传图片的功能无法利用获取 shell ？</p>
<h3 id="0x01-MIME类型检测"><a href="#0x01-MIME类型检测" class="headerlink" title="0x01 MIME类型检测"></a>0x01 MIME类型检测</h3><ul>
<li><h5 id="前端界面"><a href="#前端界面" class="headerlink" title="前端界面"></a>前端界面</h5></li>
<li><p><img src="/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/image-20200103170055068.png" alt></p>
<pre><code class="html">&lt;html&gt;
&lt;meta charset=&quot;UTF-8&quot;&gt;
&lt;body&gt;
&lt;form action=upload_file.php method=&quot;post&quot;enctype=&quot;multipart/form-data&quot;&gt;
&lt;label for=&quot;file&quot;&gt;上传文件:&lt;/label&gt;
&lt;input type=&quot;file&quot; name=&quot;file&quot; id=&quot;file&quot;&gt;&lt;br&gt;
&lt;input type=&quot;submit&quot; name=&quot;submit&quot; value=&quot;上传&quot;&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;</code></pre>
</li>
<li><p>后端代码</p>
<pre><code class="php">&lt;?php
if ((($_FILES[&quot;file&quot;][&quot;type&quot;] == &quot;image/gif&quot;) 
|| ($_FILES[&quot;file&quot;][&quot;type&quot;] == &quot;image/jpeg&quot;)
|| ($_FILES[&quot;file&quot;][&quot;type&quot;] == &quot;image/png&quot;))
&amp;&amp; ($_FILES[&quot;file&quot;][&quot;size&quot;] &lt; 20000))
  {
  if ($_FILES[&quot;file&quot;][&quot;error&quot;] &gt; 0)  //file_error等于0的话则上传成功
    {
    echo &quot;Return Code: &quot; . $_FILES[&quot;file&quot;][&quot;error&quot;] . &quot;&lt;br /&gt;&quot;;//由文件上传导致的错误代码
    }
  else
    {
    echo &quot;Upload: &quot; . $_FILES[&quot;file&quot;][&quot;name&quot;] . &quot;&lt;br /&gt;&quot;;//被上传文件的名称
    echo &quot;Type: &quot; . $_FILES[&quot;file&quot;][&quot;type&quot;] . &quot;&lt;br /&gt;&quot;; //被上传文件的类型
    echo &quot;Size: &quot; . ($_FILES[&quot;file&quot;][&quot;size&quot;] / 1024) . &quot; Kb&lt;br /&gt;&quot;;//被上传文件的大小，以字节计
    echo &quot;Temp file: &quot; . $_FILES[&quot;file&quot;][&quot;tmp_name&quot;] . &quot;&lt;br /&gt;&quot;;//存储在服务器的文件的临时副本的名称

    if (file_exists(&quot;up/&quot; . $_FILES[&quot;file&quot;][&quot;name&quot;]))//file_exists() 函数检查文件或目录是否存在
      {
      echo $_FILES[&quot;file&quot;][&quot;name&quot;] . &quot; already exists. &quot;;
      }
    else
      {
      move_uploaded_file($_FILES[&quot;file&quot;][&quot;tmp_name&quot;],
      &quot;up/&quot; . $_FILES[&quot;file&quot;][&quot;name&quot;]);//move_uploaded_file() 函数将上传的文件移动到新位置。
      echo &quot;Stored in: &quot; . &quot;up/&quot; . $_FILES[&quot;file&quot;][&quot;name&quot;];
      }
    }
  }
else
  {
  echo &quot;Invalid file&quot;;
  }
?&gt;</code></pre>
</li>
<li><h5 id="绕过方式"><a href="#绕过方式" class="headerlink" title="绕过方式"></a>绕过方式</h5></li>
</ul>
<p>将content-type修改为 <code>image/jpeg</code> <code>image/png</code>  <code>image/gif</code> 其中一个即可</p>
<hr>
<h3 id="0x02-后缀名检测"><a href="#0x02-后缀名检测" class="headerlink" title="0x02 后缀名检测"></a>0x02 后缀名检测</h3><h5 id="后端代码"><a href="#后端代码" class="headerlink" title="后端代码"></a>后端代码</h5><pre><code class="php">&lt;?php
header(&quot;Content-Type: text/html;charset=utf-8&quot;);
if (isset($_POST[&#39;submit&#39;])) {
    if (file_exists(&quot;up/&quot;)) {
        $deny_ext = array(&#39;.asp&#39;,&#39;.aspx&#39;,&#39;.php&#39;,&#39;.jsp&#39;);
        $file_name = trim($_FILES[&quot;file&quot;][&quot;name&quot;]);//首尾去空
        $file_ext = strrchr($file_name, &#39;.&#39;);//查找字符串在另一个字符串中最后一次出现的位置，并返回从该位置到字符串结尾的所有字符。
        $file_ext = strtolower($file_ext); //转换为小写
        $file_ext = str_ireplace(&#39;::$DATA&#39;, &#39;&#39;, $file_ext);//去除字符串::$DATA
        $file_ext = trim($file_ext); //首尾去空
        if(!in_array($file_ext, $deny_ext)) {
            $temp_file = $_FILES[&quot;file&quot;][&quot;tmp_name&quot;];
            $img_path = &quot;up/&quot; . $file_name;            
            if (move_uploaded_file($temp_file,$img_path)) {
                 echo &quot;Stored in: &quot; . &quot;up/&quot; . $file_name;
            } else {
                $msg = &#39;上传出错！&#39;;
            }
        } else {
            echo &#39;不允许上传.asp,.aspx,.php,.jsp后缀文件！&#39;;
        }
    } else {
        $msg = &quot;up/&quot; . &#39;文件夹不存在,请手工创建！&#39;;
    }
}
?&gt;</code></pre>
<ul>
<li><h5 id="绕过方式-1"><a href="#绕过方式-1" class="headerlink" title="绕过方式"></a>绕过方式</h5><ol>
<li>利用windows特性， 在文件名后面加 .   就是 shell.php.  上传到服务器后由于windows特性自动去掉.  </li>
<li>利用 apache特性， 由右向左解析</li>
<li>利用 不常见的后缀  php2、 php3、 phtml等等</li>
<li>上传.htaccess文件</li>
</ol>
<hr>
<h3 id="0x03-文件头检测"><a href="#0x03-文件头检测" class="headerlink" title="0x03 文件头检测"></a>0x03 文件头检测</h3></li>
</ul>
<p>​    后端代码：</p>
<pre><code class="php">&lt;?php
header(&quot;Content-Type: text/html;charset=utf-8&quot;);
function getReailFileType($filename){
    $file = fopen($filename, &quot;rb&quot;);//fopen() 函数打开一个文件或 URL。
    $bin = fread($file, 2); //只读2字节 fread() 函数读取打开的文件。
    fclose($file);
    $strInfo = @unpack(&quot;C2chars&quot;, $bin); //这行代码不是很懂，   
    $typeCode = intval($strInfo[&#39;chars1&#39;].$strInfo[&#39;chars2&#39;]);    
    $fileType = &#39;&#39;;    
    switch($typeCode){      
        case 255216:            
            $fileType = &#39;jpg&#39;; 
            break;
        case 13780:            
            $fileType = &#39;png&#39;;
            break;        
        case 7173:            
            $fileType = &#39;gif&#39;;
            break;
        default:            
            $fileType = &#39;unknown&#39;;
        }    
        return $fileType;
}
if(isset($_POST[&#39;submit&#39;])){
    $temp_file = $_FILES[&#39;file&#39;][&#39;tmp_name&#39;];
    $file_type = getReailFileType($temp_file);

    if($file_type == &#39;unknown&#39;){
        echo &quot;文件未知，上传失败！&quot;;
    }else{
        $img_path = &quot;up/&quot;.rand(10, 99).date(&quot;YmdHis&quot;).&quot;.&quot;.$file_type;
        if(move_uploaded_file($temp_file,$img_path)){
            echo &quot;Stored in: &quot; .$img_path;
        } else {
            echo &quot;上传出错！&quot;;
        }
    }
}
?&gt;</code></pre>
<ul>
<li><h5 id="绕过方式-2"><a href="#绕过方式-2" class="headerlink" title="绕过方式"></a>绕过方式</h5><h4 id="方法一："><a href="#方法一：" class="headerlink" title="方法一："></a>方法一：</h4><p>使用winhex等编辑器 打开图片文件，将webshell直接插入末尾</p>
<h4 id="方法二："><a href="#方法二：" class="headerlink" title="方法二："></a>方法二：</h4><p>直接上传webshell,使用burpsuit 拦截并添加图片的文件头</p>
<h4 id="方法三："><a href="#方法三：" class="headerlink" title="方法三："></a>方法三：</h4><p>使用cmd命令行  copy 生成图片马</p>
<p>这种图片马，一般和文件包含漏洞在一起搭配</p>
</li>
</ul>
<hr>
<h3 id="0x04-白名单验证"><a href="#0x04-白名单验证" class="headerlink" title="0x04 白名单验证"></a>0x04 白名单验证</h3><p>后端代码：</p>
<pre><code class="php">&lt;?php
header(&quot;Content-Type: text/html;charset=utf-8&quot;);
if (isset($_POST[&#39;submit&#39;])) {
    if (file_exists(&quot;up/&quot;)) {
          $ext_arr = array(&#39;.jpg&#39;,&#39;.png&#39;,&#39;.gif&#39;);
        //$file_name = trim($_FILES[&quot;file&quot;][&quot;name&quot;]);
          $file_name = trim($_FILES[&quot;file&quot;][&quot;name&quot;]);
        //首尾去空
          $file_ext = strrchr($file_name, &#39;.&#39;);  //返回从&quot;.&quot; 到字符串结尾的字符
        //$file_ext = strtolower($file_ext); //转换为小写
       // $file_ext = str_ireplace(&#39;::$DATA&#39;, &#39;&#39;, $file_ext);//去除字符串::$DATA
        //$file_ext = trim($file_ext); //首尾去空
        if(in_array($file_ext, $ext_arr)) {
            $temp_file = $_FILES[&quot;file&quot;][&quot;tmp_name&quot;];
            $img_path = &quot;up/&quot; . $file_name;            
            if (move_uploaded_file($temp_file,$img_path)) {
                 echo &quot;Stored in: &quot; . &quot;up/&quot; . $file_name;
            } else {
                echo &#39;上传出错！&#39;;
            }
        } else {
            echo &#39;不允许上传.asp,.aspx,.php,.jsp后缀文件！&#39;;
        }
    } else {
        echo &quot;up/&quot; . &#39;文件夹不存在,请手工创建！&#39;;
    }
}
?&gt;</code></pre>
<p>这个白名单控制的上传，目前还没有找到可以绕过的方法， 只能上传图片马，配合文件包含</p>

      
       <hr><span style="font-style: italic;color: gray;"> 转载请注明来源，欢迎对文章中的引用来源进行考证，欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论，也可以邮件至 jaytp@qq.com </span>
    </div>
</article>


<p>
    <a  class="dashang" onclick="dashangToggle()">赏</a>
</p>


<div class="article_copyright">
    <p><span class="copy-title">文章标题:</span>文件上传漏洞代码</p>
    
    <p><span class="copy-title">本文作者:</span><a  title="dxm">dxm</a></p>
    <p><span class="copy-title">发布时间:</span>2020-03-07, 01:06:03</p>
    <p><span class="copy-title">最后更新:</span>2020-03-07, 01:25:59</p>
    <span class="copy-title">原始链接:</span><a class="post-url" href="/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/" title="文件上传漏洞代码">http://daoxiaom.gitee.io/2020/03/07/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E4%BB%A3%E7%A0%81/</a>
    <p>
        <span class="copy-title">版权声明:</span><i class="fa fa-creative-commons"></i> <a rel="license noopener" href="http://creativecommons.org/licenses/by-nc-sa/4.0/" target="_blank" title="CC BY-NC-SA 4.0 International" target = "_blank">"署名-非商用-相同方式共享 4.0"</a> 转载请保留原文链接及作者。
    </p>
</div>





    




    </div>
    <div class="copyright">
        <p class="footer-entry">©2020-2023 Ysh</p>
<p class="footer-entry">Built with <a href="https://hexo.io/" target="_blank">Hexo</a> and <a href="https://github.com/yelog/hexo-theme-3-hexo" target="_blank">3-hexo</a> theme</p>

    </div>
    <div class="full-toc">
        <button class="full"><span class="min "></span></button>
<button class="post-toc-menu"><span class="post-toc-menu-icons"></span></button>
<div class="post-toc"><span class="post-toc-title">目录</span>
    <div class="post-toc-content">

    </div>
</div>
<a class="" id="rocket" ></a>

    </div>
</div>
<div class="acParent"></div>

<div class="hide_box" onclick="dashangToggle()"></div>
<div class="shang_box">
    <a class="shang_close"  onclick="dashangToggle()">×</a>
    <div class="shang_tit">
        <p>喜欢就点赞,疼爱就打赏</p>
    </div>
    <div class="shang_payimg">
        <div class="pay_img">
            <img src="/img/alipay.jpg" class="alipay" title="扫码支持">
            <img src="/img/weixin.jpg" class="weixin" title="扫码支持">
        </div>
    </div>
    <div class="shang_payselect">
        <span><label><input type="radio" name="pay" checked value="alipay">支付宝</label></span><span><label><input type="radio" name="pay" value="weixin">微信</label></span>
    </div>
</div>


</body>
<script src="/js/jquery.pjax.js?v=1.0.1" ></script>

<script src="/js/script.js?v=1.0.1" ></script>
<script>
    var img_resize = 'default';
    /*作者、标签的自动补全*/
    $(function () {
        $('.search').AutoComplete({
            'data': ['#web安全','#文件上传',],
            'itemHeight': 20,
            'width': 418
        }).AutoComplete('show');
    })
    function initArticle() {
        /*渲染对应的表格样式*/
        
            $(".post .pjax table").addClass("green_title");
        

        /*渲染打赏样式*/
        
        $("input[name=pay]").on("click", function () {
            if($("input[name=pay]:checked").val()=="weixin"){
                $(".shang_box .shang_payimg .pay_img").addClass("weixin_img");
            } else {
                $(".shang_box .shang_payimg .pay_img").removeClass("weixin_img");
            }
        })
        

        /*高亮代码块行号*/
        
        $('pre code').each(function(){
            var lines = $(this).text().split('\n').length - 1, widther='';
            if (lines>99) {
                widther = 'widther'
            }
            var $numbering = $('<ul/>').addClass('pre-numbering ' + widther).attr("unselectable","on");
            $(this).addClass('has-numbering ' + widther)
                    .parent()
                    .append($numbering);
            for(var i=1;i<=lines;i++){
                $numbering.append($('<li/>').text(i));
            }
        });
        

        /*访问数量*/
        
        $.getScript("//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js");
        

        /*代码高亮，行号对齐*/
        $('.pre-numbering').css('line-height',$('.has-numbering').css('line-height'));

        
        
    }

    /*打赏页面隐藏与展示*/
    
    function dashangToggle() {
        $(".shang_box").fadeToggle();
        $(".hide_box").fadeToggle();
    }
    

</script>

<!--加入行号的高亮代码块样式-->

<style>
    pre{
        position: relative;
        margin-bottom: 24px;
        border-radius: 10px;
        border: 1px solid #e2dede;
        background: #FFF;
        overflow: hidden;
    }
    code.has-numbering{
        margin-left: 30px;
    }
    code.has-numbering.widther{
        margin-left: 35px;
    }
    .pre-numbering{
        margin: 0px;
        position: absolute;
        top: 0;
        left: 0;
        width: 20px;
        padding: 0.5em 3px 0.7em 5px;
        border-right: 1px solid #C3CCD0;
        text-align: right;
        color: #AAA;
        background-color: #fafafa;
    }
    .pre-numbering.widther {
        width: 35px;
    }
</style>

<!--自定义样式设置-->
<style>
    
    
    .nav {
        width: 542px;
    }
    .nav.fullscreen {
        margin-left: -542px;
    }
    .nav-left {
        width: 120px;
    }
    
    
    @media screen and (max-width: 1468px) {
        .nav {
            width: 492px;
        }
        .nav.fullscreen {
            margin-left: -492px;
        }
        .nav-left {
            width: 100px;
        }
    }
    
    
    @media screen and (max-width: 1024px) {
        .nav {
            width: 492px;
            margin-left: -492px
        }
        .nav.fullscreen {
            margin-left: 0;
        }
        .nav .hide-list.fullscreen {
            left: 492px
        }
    }
    
    @media screen and (max-width: 426px) {
        .nav {
            width: 100%;
        }
        .nav-left {
            width: 100%;
        }
    }
    
    
    .nav-right .title-list nav a .post-title, .nav-right .title-list #local-search-result a .post-title {
        color: #383636;
    }
    
    
    .nav-right .title-list nav a .post-date, .nav-right .title-list #local-search-result a .post-date {
        color: #5e5e5f;
    }
    
    
    .nav-right nav a.hover, #local-search-result a.hover{
        background-color: #e2e0e0;
    }
    
    

    /*列表样式*/
    
    .post .pjax article .article-entry>ol, .post .pjax article .article-entry>ul, .post .pjax article>ol, .post .pjax article>ul{
        border: #e2dede solid 1px;
        border-radius: 10px;
        padding: 10px 32px 10px 56px;
    }
    .post .pjax article .article-entry li>ol, .post .pjax article .article-entry li>ul,.post .pjax article li>ol, .post .pjax article li>ul{
        padding-top: 5px;
        padding-bottom: 5px;
    }
    .post .pjax article .article-entry>ol>li, .post .pjax article .article-entry>ul>li,.post .pjax article>ol>li, .post .pjax article>ul>li{
        margin-bottom: auto;
        margin-left: auto;
    }
    .post .pjax article .article-entry li>ol>li, .post .pjax article .article-entry li>ul>li,.post .pjax article li>ol>li, .post .pjax article li>ul>li{
        margin-bottom: auto;
        margin-left: auto;
    }
    

    /* 背景图样式 */
    
    


    /*引用块样式*/
    

    /*文章列表背景图*/
    
    .nav-right:before {
        content: ' ';
        display: block;
        position: absolute;
        left: 0;
        top: 0;
        width: 100%;
        height: 100%;
        opacity: 0.3;
        background: url("https://i.loli.net/2020/03/04/DptKv68YejglLaW.jpg");
        background-repeat: no-repeat;
        background-position: 50% 0;
        -ms-background-size: cover;
        -o-background-size: cover;
        -moz-background-size: cover;
        -webkit-background-size: cover;
        background-size: cover;
    }
    

    
</style>







</html>
